Vulnerability Note VU#649212

libpng fails to properly initialize element pointers

Original Release date: 02 Mar 2009 | Last revised: 06 Mar 2009


Libpng contains a vulnerability in the way element pointers are handled.


A vulnerability in the way libpng handles element pointers may result in uninitialized element pointers. This vulnerability is due to an off-by-one error introduced in multiple functions in libpng-0.89c. According to the PNG Development Group:

If the application runs out of memory during the loop, some of the element pointers will be uninitialized. Libpng will then longjmp to a cleanup process that attempts to free all of the elements in the array, including the uninitialized ones. This behavior could be forced by a malevolent input.

Note that this issue affects all versions of libpng prior to libpng-1.0.43 and libpng-1.2.35.


This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service.


The PNG Development Group has issued an upgrade to address this issue. See libpng version 1.2.35 for more information.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
libpngAffected-02 Mar 2009
3com, Inc.Unknown05 Mar 200905 Mar 2009
ACCESSUnknown05 Mar 200905 Mar 2009
Alcatel-LucentUnknown05 Mar 200905 Mar 2009
Apple Computer, Inc.Unknown05 Mar 200905 Mar 2009
AT&TUnknown05 Mar 200905 Mar 2009
Avaya, Inc.Unknown05 Mar 200905 Mar 2009
Barracuda NetworksUnknown05 Mar 200905 Mar 2009
Belkin, Inc.Unknown05 Mar 200905 Mar 2009
Borderware TechnologiesUnknown05 Mar 200905 Mar 2009
BroUnknown05 Mar 200905 Mar 2009
Charlotte's Web NetworksUnknown05 Mar 200905 Mar 2009
Check Point Software TechnologiesUnknown05 Mar 200905 Mar 2009
Cisco Systems, Inc.Unknown05 Mar 200905 Mar 2009
ClavisterUnknown05 Mar 200905 Mar 2009
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This issue was reported by the PNG Development Group in libpng version 1.2.35.

This document was written by Chris Taschner.

Other Information

  • CVE IDs: CVE-2009-0040
  • Date Public: 19 Feb 2009
  • Date First Published: 02 Mar 2009
  • Date Last Updated: 06 Mar 2009
  • Severity Metric: 3.49
  • Document Revision: 11


If you have feedback, comments, or additional information about this vulnerability, please send us email.